Aritma IAM API (V1)

An API for interacting with the identity and access management system of Aritma.

Servers
Mock server: https://developer.aritma.com/_mock/apis/platform/iam/openapi/iam-openapi
IAM API: https://api.dev.aritma.io/core/iam

Actions related to IAM actions

Operations

Actions related to clients in Aritma ID

Operations

Actions related to domains registered for the tenant, and their verification status

Operations

Actions listing information about the currently authenticated user

Operations

Actions related to IAM policies

Operations

Actions related to Aritma ID roles

Operations

Actions related to SCIM tokens

Operations

Actions related to scopes in Aritma ID

Operations

Actions common for all SSO providers

Operations

Actions relating to AzureAd as an SSO provider

Operations

Actions relating to custom SSO providers

Operations

Actions relating to Google as an SSO provider

Operations

Request

Security
authorization_code_with_pkce (required scopes: services.iam)
or client_credentials (required scopes: services.iam)
Body: application/json
scheme (string, required)

The scheme name for the provider

displayName (string, required)

The display name of the provider

enabled (boolean, required)

Whether or not the provider is enabled

type (string, required)

The type of identity provider

Value: "oidc"
properties (object, required)

The properties that define the behavior of this provider. They depend on which provider is used; see the JSON schemas for more details.

loginEnabled (boolean, required)

Whether users can log in via this provider.

Example: true
visible (boolean, required)

Whether this provider is shown on the login page.

Example: true
delegationEnabled (boolean, required)

Whether delegation is permitted via this provider.

Example: false
autoProvisioningEnabled (boolean, required)

Whether users are automatically provisioned on first login via this provider.

Example: true
clientId (string, required)

The OAuth 2.0 client ID registered with the identity provider.

Example: "my-client-id"
clientSecret (string or null)

The OAuth 2.0 client secret. Leave null for public clients using PKCE.

Example: "my-client-secret"
nameClaimType (string, required)

The claim type used to extract the user's name from the Google token.

Example: "name"
emailClaimType (string, required)

The claim type used to extract the user's email from the Google token.

Example: "email"
phoneNumberClaimType (string, required)

The claim type used to extract the user's phone number from the Google token.

Example: "phone"
subjectClaimType (string, required)

The claim type used to extract the subject identifier from the Google token.

Example: "subject"
usePkce (boolean, required)

Whether to use PKCE for the authorization code flow.

Example: false
authority (string, required)

The Google authority URL.

Example: "https://accounts.google.com"
scope (string, required)

The OAuth 2.0 scopes to request (space-separated).

Example: "openid profile email"
application/json
{ "scheme": "string", "displayName": "string", "enabled": true, "type": "oidc", "properties": { "loginEnabled": true, "visible": true, "delegationEnabled": false, "autoProvisioningEnabled": true, "clientId": "my-client-id", "clientSecret": "my-client-secret", "nameClaimType": "name", "emailClaimType": "email", "phoneNumberClaimType": "phone", "subjectClaimType": "subject", "usePkce": false, "authority": "https://accounts.google.com", "scope": "openid profile email" } }
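
A pre-submission check for the request body above, as an added example that is not part of the Aritma documentation. The names lint_provider and SAMPLE are hypothetical; the required-field list and the clientSecret/usePkce rule come from this page, and the https-only authority rule is an assumed local policy.

```python
from urllib.parse import urlparse

# Required fields as listed in the request schema on this page.
TOP_REQUIRED = ("scheme", "displayName", "enabled", "type", "properties")
PROP_REQUIRED = (
    "loginEnabled", "visible", "delegationEnabled", "autoProvisioningEnabled",
    "clientId", "nameClaimType", "emailClaimType", "phoneNumberClaimType",
    "subjectClaimType", "usePkce", "authority", "scope",
)

def lint_provider(payload: dict) -> list[str]:
    """Return a list of findings; an empty list means the payload passed."""
    findings = [f"missing required field: {k}" for k in TOP_REQUIRED if k not in payload]
    props = payload.get("properties")
    if not isinstance(props, dict):
        return findings + ["properties must be an object"]
    findings += [f"missing required field: properties.{k}"
                 for k in PROP_REQUIRED if k not in props]
    if payload.get("type") != "oidc":
        findings.append('type must be "oidc"')
    # Page: clientSecret is left null only for public clients using PKCE.
    if not props.get("clientSecret") and props.get("usePkce") is not True:
        findings.append("clientSecret is null but usePkce is not true")
    # Assumption (local policy): the authority must be an https URL with a host.
    url = urlparse(str(props.get("authority", "")))
    if url.scheme != "https" or not url.netloc:
        findings.append("authority is not an https URL")
    # OpenID Connect authentication requests must carry the "openid" scope.
    if "openid" not in str(props.get("scope", "")).split():
        findings.append('scope does not include "openid"')
    return findings

# Constructed sample: the page's example values with the secret removed
# while usePkce is still false, which the linter should flag.
SAMPLE = {
    "scheme": "google-example", "displayName": "Google (example)",
    "enabled": True, "type": "oidc",
    "properties": {
        "loginEnabled": True, "visible": True, "delegationEnabled": False,
        "autoProvisioningEnabled": True, "clientId": "my-client-id",
        "clientSecret": None, "nameClaimType": "name",
        "emailClaimType": "email", "phoneNumberClaimType": "phone",
        "subjectClaimType": "subject", "usePkce": False,
        "authority": "https://accounts.google.com",
        "scope": "openid profile email",
    },
}

if __name__ == "__main__":
    for finding in lint_provider(SAMPLE):
        print("FINDING:", finding)
```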

Responses

Created

Body: application/json, Array [
rel (string, required)

The link relation type (e.g. self, update, delete).

Example: "self"
href (string or null)

The URL of the related action.

Example: "/v0/sso/custom/1"
method (object, required)

The HTTP method to use when calling this link.

Example: "GET"
method (string, required)
]
Response
application/json
[ { "rel": "self", "href": "/v0/sso/custom/1", "method": "GET" } ]

Request

Security
authorization_code_with_pkce (required scopes: services.iam)
or client_credentials (required scopes: services.iam)
Path
id (integer(int32), required)
No request payload

Responses

OK

Body: application/json
id (integer(int32), required)

The internal identifier of the identity provider.

Example: 1
scheme (string, required)

The unique authentication scheme name used to identify this provider.

Example: "azure-ad"
displayName (string, required)

The human-readable name shown to users on the login page.

Example: "Our Azure AD"
enabled (boolean, required)

Indicates whether this provider is currently active and available for login.

Example: true
providerName (string, required)

The provider type name (e.g. Azure, Google, Signicat, Custom).

Example: "Azure"
type (string, required)

The protocol type of the provider (e.g. oidc, saml2p).

Example: "oidc"
properties (object, required)

Provider-specific configuration properties.

loginEnabled (boolean, required)

Whether users can log in via this provider.

Example: true
visible (boolean, required)

Whether this provider is shown on the login page.

Example: true
delegationEnabled (boolean, required)

Whether delegation is permitted via this provider.

Example: false
autoProvisioningEnabled (boolean, required)

Whether users are automatically provisioned on first login via this provider.

Example: true
clientId (string, required)

The OAuth 2.0 client ID registered with the identity provider.

Example: "my-client-id"
clientSecret (string or null)

The OAuth 2.0 client secret. Leave null for public clients using PKCE.

Example: "my-client-secret"
nameClaimType (string, required)

The claim type used to extract the user's name from the Google token.

Example: "name"
emailClaimType (string, required)

The claim type used to extract the user's email from the Google token.

Example: "email"
phoneNumberClaimType (string, required)

The claim type used to extract the user's phone number from the Google token.

Example: "phone"
subjectClaimType (string, required)

The claim type used to extract the subject identifier from the Google token.

Example: "subject"
usePkce (boolean, required)

Whether to use PKCE for the authorization code flow.

Example: false
authority (string, required)

The Google authority URL.

Example: "https://accounts.google.com"
scope (string, required)

The OAuth 2.0 scopes to request (space-separated).

Example: "openid profile email"
Response
application/json
{ "id": 1, "scheme": "azure-ad", "displayName": "Our Azure AD", "enabled": true, "providerName": "Azure", "type": "oidc", "properties": { "loginEnabled": true, "visible": true, "delegationEnabled": false, "autoProvisioningEnabled": true, "clientId": "my-client-id", "clientSecret": "my-client-secret", "nameClaimType": "name", "emailClaimType": "email", "phoneNumberClaimType": "phone", "subjectClaimType": "subject", "usePkce": false, "authority": "https://accounts.google.com", "scope": "openid profile email" } }

Request

Security
authorization_code_with_pkce (required scopes: services.iam)
or client_credentials (required scopes: services.iam)
Path
id (integer(int32), required)
Body: application/json
id (integer(int32), required)

The id of the identity provider

scheme (string, required)

The scheme name for the provider

displayName (string, required)

The display name of the provider

enabled (boolean, required)

Whether or not the provider is enabled

type (string, required)

The type of identity provider

Value: "oidc"
properties (object, required)

The properties that define the behavior of this provider. They depend on which provider is used; see the JSON schemas for more details.

loginEnabled (boolean, required)

Whether users can log in via this provider.

Example: true
visible (boolean, required)

Whether this provider is shown on the login page.

Example: true
delegationEnabled (boolean, required)

Whether delegation is permitted via this provider.

Example: false
autoProvisioningEnabled (boolean, required)

Whether users are automatically provisioned on first login via this provider.

Example: true
clientId (string, required)

The OAuth 2.0 client ID registered with the identity provider.

Example: "my-client-id"
clientSecret (string or null)

The OAuth 2.0 client secret. Leave null for public clients using PKCE.

Example: "my-client-secret"
nameClaimType (string, required)

The claim type used to extract the user's name from the Google token.

Example: "name"
emailClaimType (string, required)

The claim type used to extract the user's email from the Google token.

Example: "email"
phoneNumberClaimType (string, required)

The claim type used to extract the user's phone number from the Google token.

Example: "phone"
subjectClaimType (string, required)

The claim type used to extract the subject identifier from the Google token.

Example: "subject"
usePkce (boolean, required)

Whether to use PKCE for the authorization code flow.

Example: false
authority (string, required)

The Google authority URL.

Example: "https://accounts.google.com"
scope (string, required)

The OAuth 2.0 scopes to request (space-separated).

Example: "openid profile email"
application/json
{ "id": 0, "scheme": "string", "displayName": "string", "enabled": true, "type": "oidc", "properties": { "loginEnabled": true, "visible": true, "delegationEnabled": false, "autoProvisioningEnabled": true, "clientId": "my-client-id", "clientSecret": "my-client-secret", "nameClaimType": "name", "emailClaimType": "email", "phoneNumberClaimType": "phone", "subjectClaimType": "subject", "usePkce": false, "authority": "https://accounts.google.com", "scope": "openid profile email" } }

Responses

OK

Response
No content

Request

Security
authorization_code_with_pkce (required scopes: services.iam)
or client_credentials (required scopes: services.iam)
Path
id (integer(int32), required)

The numeric identifier of the SSO provider to delete.

No request payload

Responses

OK

Response
No content

Actions relating to Signicat as an SSO provider

Operations

Actions related to IAM subjects

Operations

Actions related to Aritma ID users

Operations